Security Risk Assessment Checklist
This security risk assessment checklist applies the ASIS International General Security Risk Assessment (GSRA) Standard, the ISO 31000:2018 Risk Management Framework, the NIST SP 800-30 Rev 1 Risk Assessment Guide, and the DHS Critical Infrastructure risk methodology. It is designed for security consultants and managers conducting formal site risk assessments.
- Industry: Security Services
- Frequency: Annually
- Estimated Time: 90-180 minutes
- Role: Security Consultant / Physical Security Manager / CPP
- Total Items: 13
- Compliance: ASIS International General Security Risk Assessment Standard (GSRA), ISO 31000:2018 Risk Management Framework, NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments, DHS Critical Infrastructure Security Risk Methodology, ASIS CPP (Certified Protection Professional) Standards
Asset Identification and Criticality
Critical asset inventory and business impact ranking.
- All critical assets inventoried (people, property, information, operations)?
- Assets ranked by criticality using impact matrix (High/Medium/Low)?
- Crown jewel assets (loss = catastrophic impact) specifically identified?
- Asset dependencies and interdependencies documented?
Threat and Vulnerability Analysis
Threat identification, likelihood scoring, and vulnerability gaps.
- Threat categories identified (criminal, terrorism, natural, insider, cyber)?
- Threat likelihood scored using historical data and local intelligence?
- Physical and procedural vulnerabilities identified for each critical asset?
- Risk matrix completed (Threat Likelihood x Asset Criticality = Risk Score)?
Countermeasures and Residual Risk
Existing controls evaluation and residual risk acceptance.
- Existing security controls evaluated for effectiveness against identified threats?
- Control gaps prioritized by risk score for remediation?
- Residual risk formally accepted by senior management with signatures?
- Written risk assessment report delivered to organization leadership?
- Risk Assessment Notes and Priority Recommendations
Why Use This Security Risk Assessment Checklist?
This security risk assessment checklist helps security services teams maintain compliance and operational excellence. Designed for Security Consultant / Physical Security Manager / CPP professionals, it covers 13 critical inspection points across 3 sections. Recommended frequency: annually.
This checklist ensures compliance with the ASIS International General Security Risk Assessment Standard (GSRA), ISO 31000:2018 Risk Management Framework, NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments, DHS Critical Infrastructure Security Risk Methodology, and ASIS CPP (Certified Protection Professional) Standards. It is regulatory-aligned for audit readiness and inspection documentation.
Frequently Asked Questions
What does the Security Risk Assessment Checklist cover?
This checklist covers 13 inspection items across 3 sections: Asset Identification and Criticality, Threat and Vulnerability Analysis, Countermeasures and Residual Risk. It is designed for security services operations and compliance.
How often should this checklist be completed?
This checklist should be completed annually. Each completion takes approximately 90-180 minutes.
Who should use this Security Risk Assessment Checklist?
This checklist is designed for Security Consultant / Physical Security Manager / CPP professionals in the security services industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.
Can I download this checklist as a PDF?
Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.